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Abstract. This paper gives additional background in algebraic geometry 
as an accompaniment to the article, "Formal Groups, Elliptic Curves, 
and some Theorems of Couveignes" . Section 1 discusses the addition law 
on elliptic curves, and Sections 2 and 3 explain about function fields, 
uniformizers, and powerseries expansions with respect to a uniformizer. 



1 Elliptic curves 

If if is a field then the 2-dimensional projective space P 2 (K) is the set of triples 
(X, Y,Z) E K xK x K such that X, Y, Z are not all zero, modulo the equivalence 
(X, Y, Z) = (IX, IY, IZ) for all ^ A E K. Three points {X h Yi, Z t ) (i = 1, 2, 3) 
in P 2 (K) are said to be colinear if there exist A,/i, v E K, not all zero, such 
that IX i + /LtYi + vZi = for i = 1,2,3. In particular, if Zi ^ for all i 
then the colinearity of the three points (Xi,Yi, Zi) in P 2 (K) is equivalent to 
the colinearity of the points (xi,yi) in the affine plane, where xt = XijZi and 
Hi = Yi/Zi. This follows from the equation Ixi + fiyi + v = for all i. 
A Weierstrass equation is a cubic equation W(X,Y, Z) = 0, where 

W{X,Y,Z) = Y 2 Z + a 1 XYZ + a 3 YZ 2 -(X 3 + a 2 X 2 Z + a i XZ 2 + a 6 Z :i ), (1.1) 

di G K. Since this equation is homogeneous, we can think of its solutions as 
lying in P 2 (K). A singular point is a point P E P 2 (K) such that W(P) = 
dW/dX{P) = dW/dY(P) = dW/dZ(P) = 0, where K denotes the algebraic 
closure of K. It can be shown that the Weierstrass equation has no singular 
points iff A 7^ 0, where A is a certain polynomial in the cn\ see [3], p. 46. 
Let us assume A ^ 0. Then the set of solutions to (1.1) in P 2 (K) is called 
an elliptic curve. The elements of the elliptic curve are called points. If L is 
any field containing all the Weierstrass coefficients di then E(L) is defined to 
be the set of solutions to (1.1) in P 2 (L). The Weierstrass equation can often 
be simplified. For example, in characteristic zero a linear change of coordinates 
puts the Weierstrass equation into the form Y 2 Z = X 3 + a^XZ 2 + a^Z 3 . See 
[3], Appendix A. 

The only point on the elliptic curve which intersects the line Z = is the 
point (0, 1,0). This is called the point at infinity and is often denoted by Oe- 
In contrast, the "finite" points of E(K) are the points (X,Y, 1) which satisfy 
the above equation, and it is customary to identify these points with the points 
(X, Y) in the affine plane K x K such that 

Y 2 + a x XY + a 3 Y = X 3 + a 2 X 2 + a A X + a 6 . (1.2) 



E(K) can be made into an abelian group with additive identity equal to 
Oe by insisting that any three colinear points on E(K) (counting multiplicities) 
sum to Oe- The proof that this group law is associative can be found in [2] 
using Bezout's Theorem or in [3] using the Picard group. In this context, the 
phrase "counting multiplicities" means to count the multiplicities of the roots 
of the cubic which results when one variable is eliminated from the Wcicrstrass 
equation by using the equation of the intersecting line. We give several examples 
which should make this clear. 



Example 1.1: Lines through the origin. The equation of a line through 
(0,1,0) has the form XX + vZ = 0, where A, v e K are not both zero. If 
A = then the line is Z = 0, and the Weierstrass equation becomes simply 
= W(X, Y, 0) = X 3 . This has one solution X = with multiplicity three. Thus 
(0, 1, 0) intersects Z = with multiplicity three. This gives 3(0, 1, 0) = (0, 1,0), 
which is consistent with the fact that (0,1,0) is the identity. If A ^ then 
X = cZ, where c = —vjX. The Weierstrass equation becomes 

W(cZ, Y, Z) = Y 2 Z + (oic + a 3 )YZ 2 - (c 3 + a 2 c 2 + a 4 c + a 6 )Z 3 = 0. 

This factors as 

Z(Y 2 + (oic + a 3 )YZ - (c 3 + a 2 c 2 + a 4 c + a 6 )Z 2 ) = Z(Y - Vl Z)(Y - y 2 Z) 

where 3/1,2/2 belong to a quadratic extension of K and satisfy 2/1+2/2 = — [a,\c + 
03), 2/12/2 = — (c + 0-2C 2 + (14C + ag). The intersection of E with the line is 
{(0, 1, 0), (c, 2/1, 1), (c, 2/2, 1)}, hence (0, 1, 0) + (c, 2/1, 1) + (c, y 2 , 1) = (0, 1, 0). In 
other words, if (c, j/1,1) lies on E then — (c, 2/1,1) = (c, 2/2,1), where 2/1+2/2 = 
— (aic + 03). This gives the inversion formula: 

-(+ V, 1) = {x, -(2/ + ois + a 3 ), 1). (1.3) 

If it happens that y = — (y + a\x + a 3 ), that is, 2y = —{a\x + 03), then (x, y, 1) 
is a two-torsion point. 

Example 1.2: Lines which miss the origin. The equation of a line which 
misses (0, 1,0) is XX + ^iY + vZ = 0, where fi ^ 0. Since (0, 1,0) is the only point 
on E which intersects Z — 0, the intersection points of the line with the elliptic 
curve all have a nonzero Z-coordinate. Let m = — A//i, b = —vj[i^ y = Y/Z, 
x = X/Z. Then the three intersection points (2^,2/1,1), i — 1,2,3, satisfy the 
Weierstrass equation and yi = mxi + b. Another way to view this is: suppose 
(xi, 2/1, 1) and (x 2 , y 2 , 1) are two points on the elliptic curve such that x\ ^ x 2 , 
and define m = (2/1 — y 2 )/{x\ — x 2 ), b = 2/1 — mx\. Substitute y — mx + b into 
the affine form of the Weierstrass equation to get a cubic equation in x of the 
form x 3 + Bx 2 + Cx + D = 0, where the coefficients explicitly depend on the 
di and on m and b. Explicitly, B = —m 2 — aim + a 2 . Two roots of this cubic 
equation are x\ and x 2 . Let X3 denote the third root. Then 



x 3 +Bx 2 + Cx+D = (x-x 1 )(x-x 2 ){x-x 3 ) = x 3 -(x 1 +x 2 +x 3 )x 2 + (- ■ -)x+(- ■ •), 

so that x 3 = —x\ — x 2 — B. This yields the addition formula 

(x 1 ,y 1 ,l) + (x 2 , 2/2,1) = (.x 3 ,-(y 3 + aia;3 + a 3 ),l) if x x ^ x 2 , 

x 3 = -xi - x 2 + m 2 + a x m - a 2 , m = (3/1 - y 2 )/(xi - x 2 ), 
y 3 = mx 3 + yi - mx\. 

Example 1.3: Duplication formula. How do we compute P + PI Assume 
P = (a;i, is not a two-torsion point, that is, 2yi ^ — (a\x + a 3 ). Then 

— (P + P) is the point (x 2 , y 2 , 1) on the curve such that 2(a?i, 3/1, 1) + (x 2 ,y 2 , 1) = 
(0, 1,0). Let IX + \iY + vZ be the line which passes through these points with 
correct multiplicity. It misses the origin, so /i ^ 0. Thus the line has the form 
y — yi— m(x — xi), where y = Y/Z, x = X/Z. First we will find m, then we will 
find x 2 ,y 2 . When y is replaced by m(x — x\) + 3/1 in the Weierstrass equation, 
we get a cubic x 3 + Bx 2 + Cx + D, and it should equal (x — x\) 2 (x — x 2 ). Here 
B = a 2 — m 2 — aim, C = m 2 (2xi) + m(—2yi + a\X\ — a 3 ) + (04 — aiyi). If 
we differentiate the cubic and set x = x\ we are supposed to get zero. Hence 
2>x\ + 2Bx\ + C = 0. We can solve for m in this relation; in fact m will just be 
the slope of the tangent line to the curve E at P, namely m — (dy/dx)(P). It 
turns out 

m = (3x1 + 2a 2 xi + a 4 - a\yi)/(a\X\ + 2yi + a 3 ). 
Since (x - xi) 2 (x - x 2 ) = x 3 + Bx 2 + Cx + D, 

x 2 = —2x\ — B = —2x\ — a 2 + m 2 + aim, y 2 = m(x 2 — x\) +y\. 

Finally, 

2(zi, 3/1,1) = -(x 2 , 3/2,1) = (x 2 ,-(y 2 + a 1 x 2 + a 3 ),l). 

2 Function fields, local rings, and uniformizers 

Let K be any field, and let C = C (X, Y, Z) be a curve in P 2 (K) . This means 
that C is an irreducible homogeneous polynomial with coordinates in K. Assume 
the coefficients of C belong to K, and let C(K) = { P e P 2 {K) C(P) = }. A 
point in C(K) is called nonsingular if VpC 7^ 0, where 

vpC=(A £7( p ) ,^c(p),Ac(p)). 

The function field K(C) of C over K is the set of all quotients 

p(X,Y,Z)/q(X,Y,Z) 

, where p and q are homogeneous polynomials of the same degree with coefficients 
in K such that C does not divide q, modulo the equivalence: p/q = p'/q' iff 



pq' — qp' is divisible by C . The addition and multiplication in K(C) are defined 
in the same way as for rational functions. Equivalently, if we set x = X/Z and 
y = Y/Z then K (C) is the quotient field of the integral domain 

K[x,y}/(C(x,y,l)). 

This field has transcendence degree 1, thus any two elements of the function 
field satisfy some algebraic relation. Notice that p(lX,lY,lZ)/q(lX,lYJZ) = 
p(X, Y, Z) /q(X, Y, Z) because of the homogeneity, so p(P) / q(P) makes sense for 
P G C(K) provided q{P) ^ 0. A function / G K(C) is said to be defined at 
a point P e C(K) if there exists p/q in the equivalence class of / such that 
q(P) ^ 0. If / is defined at P then the value of / at P, denoted f(P), is defined 
as p(P)/q(P) for any (hence every) p/q which is in the equivalence class of / and 
for which q(P) ^ 0. If P G C(K) and / G K(C) is defined at P then f(P) G K. 

As an example, let us show that for the Weierstrass equation, Z/X is defined 
at (0, 1, 0). Since Z{Y 2 + a 3 YZ - a 6 Z 2 ) = X(-a x YZ + X 2 + a 2 XZ + a A Z 2 ), 

-a x YZ + X 2 + a 2 XZ + q 4 Z 2 
1 ~ Y 2 + a 3 YZ-a 6 Z 2 

Now Y 2 + a 3 YZ — a & Z 2 does not vanish at (0, 1, 0), so Z/X is indeed defined at 
(0,1,0). 

For the remainder of this section assume P G C{K). Let flp be the ring 
of functions in K(C) which are defined at P, and let Mp be the ideal of Qp 
consisting of functions which take the value zero at P. Qp is called the local 
ring of C at P. If we identify the set of constant functions with K then 

Qp = K®M P (3.1) 

(internal direct sum) because / = f(P) + (/ — f(P))- 

Lemma 2.1 Qp — Mp = Qp. Mp is the unique maximal ideal of Qp. 

Proof. If f e Q P - M P then / can be written as F(X, Y, Z)/G(X, Y, Z), where 
F, G are homogeneous polynomials of the same degree and F, G do not vanish at 
P. Since l/f can be written G/F, l/f G Qp. This shows that Q P - M P C Qp. 
The reverse inclusion is also true, for if / G Qp then there is g G Qp with 
fg = 1. Then f(P)g(P) = 1, so f(P) is a unit in K. In particular, / is not 
in Mp. We have proved the first statement. For the second statement, let / be 
any proper ideal of Qp. Then I n Qp = 0; otherwise I would equal Qp. Thus / 
misses the complement of Mp completely; equivalently, I C Mp. □ 
Our next goal is to show that if P is a nonsingular point (that is, VpC ^ 0) 
then Mp is principal. First we need some lemmas. These lemmas are true in 
more generality than we state them. 



Lemma 2.2 (Nakayama's Lemma) If A is a finitely generated Qp-module 
and M P A = A then A = { }. 



Proof. Let u\, . . . ,u n be a set of generators for A with n as small as possible. 
Since m G A = MpA, there exist /Xj G Mp such that u\ = f-i u i- Now 
1 — fi\ € i7p , so we can solve for ui in terms of 112, ■ ■ ■ , u n . This contradicts the 
minimality of n. □ 

Corollary 2.3 n£° =1 M£ = {0}. Thus M P D Mp. 

Proof. Let A = CiMp. A is finitely generated by the Hilbcrt Basis Theorem [1], 
p. 13, so A = { } by Nakayama's Lemma. □ 

Lemma 2.4 If P is a nonsingular point of C then Mp/Mp is isomorphic to K . 

Proof. Observe that Mp/Mp is an i?p/Mp-vector space, and Qp/Mp is canon- 
ically isomorphic to K by (3.1). We just have to prove this vector space 
is one-dimensional, or equivalently that its dual is one-dimensional. So let 
I : Mp/Mp -> K be a X-linear map. Since flp = K + Mp, we can think 
of I as a if-linear map from Qp into K which is trivial on Mp + K. 

We will construct a if-linear map ■& : flp — ► K which is trivial on K + Mp, 
and we will prove that A is proportional to Fix coordinates for P. P = 
(X ,Y , Z ). Fix R G K 3 such that RP=l. Let C(X, Y,Z) = be the equation 
of the curve. Let V P C = (dC/dX(P),dC/dY{P),dC/dZ(P)), the gradient of 
C at P. We claim VpC and R are linearly independent. First observe VpC ^ 
since the curve is nonsingular at P by hypothesis. By Eulcr's identity (Xd/dX + 
Yd/dY + Zd/dZ)C = dcg(C)C. (The proof of Eulcr's identity is that for any 
monomial X a Y b Z c , we have (Xd/dX + Yd/dY + Zd/dZ)(X a Y b Z c ) = (a + b + 
c)X a Y b Z c .) Evaluating Eulcr's identity at P gives P ■ V P C = deg{C) C(P) = 0. 
Since P ■ R ^ 0, this shows VpC is linearly independent from R. It follows that 
the space of vectors which are orthogonal to R and VpC is one-dimensional, 
spanned by a vector T. 

Define'?? : Q P -> K by 

m = T-vp(f). 

We claim i? is well-defined, X-linear, and surjective. To prove it is well-defined, 
it suffices to show T ■ x 7p(F/G) = if F vanishes identically on the curve and 
G(P) + 0. In that case, C divides F. Let h = F/(CG). Then 

T ■ V P (F/G) = C(P)T ■ V P h + h{P)T ■ V P C = + 

as required. The map 1? is certainly X-linear. If S is any vector in K 3 such that 
S-P^ObutS-TVO then 

T ■ Vp(S ■ (X, Y, Z)/R .(X,Y,Z)) = ^- {T { * ){ p )2 P) = * 0, (3.1) 

so the map is nontrivial. Any nontrivial X-linear map into K is surjective. Let us 
show that the kernel contains K + Mp. Certainly T ■ Vp annihilates the constants 
K. If f,g G Mp then Vp(fg) = by the product rule, so Mp is in the kernel 
also. 



It remains to show that an arbitrary linear map I : flp — ► K which is trivial 
on K + Mp coincides with a multiple of d. The map A obeys a product rule, 
for if / = f(P) + f u g = g{P) + 9l where f,g G Q P then f 1 ,g 1 G M P , and 

fg = f(P)g + g(P)f - f(P)g(P) + fm, so 

Kfg) = f(P)i(g) + g(PW)- 

It follows that I is completely determined by its values at X/p, Y/p, and Z/p, 
where p = R- (X, Y, Z). Denote these by values by a, (3, 7. We claim (a, (3, 7) is 
proportional to T. This will imply there is a one-dimensional space of such A; in 
particular I must be proportional to 1?. We must show (a, (3, 7) is orthogonal to 
both R and VpC". Let R = {Ri,R 2 , R 3 ) and p = R X X + R 2 Y + R 3 Z. Then 

R ■ (a, f3, 7) = Ril{X/p) + R 2 l(Y/p) + R 3 l{Z/p) 

= + R 2 Y + R 3 Z)/p) = 1(1) = 0, 

V P C • (a, (3, 7) = l(C(X/p, Y/p, Z/p)) = l(C(X, Y, Z)/p dc ^) = 0. 

□ 

Corollary 2.5 Supose P is nonsingular. Let u G Mp, and let R,T be nonzero 
vectors in K 3 such thatR-P ^ 0, T R = 0, andT-V P C = 0. Then u G M P -M P 
iffT-Vpu^ 0. Also, if S ■ P = but S - T ^ then S ■ {X, Y, Z)/R ■ (X, Y, Z) 
belongs to M P - Mp. 

Proof. In the notation of the preceding proof, the hypothesis states that d(u) ^ 
0. Since t? induces an isomorphism of Mp/Mp with K, we know u G - Mp iff 
^ 0. The last statement follows from (3.1). □ 

Proposition 2.6 Suppose P is nonsingular. Then M P is a principal ideal of 
flp. In fact, if u G M P then M P = ufl P ^=^> u Mp. 

Proof. M P ^ Mp by Lemma 2.2. Let u G Mp — Mp. Then 

^ Qp_ ^ uQ P _^ uQp 
~ M P ~ uM P Mp ' 

The image of 1 in this composite map is u mod Mp, which is nonzero. Thus the 
kernel of the projection map from uflp /uMp into uflp/Mp has to be trivial. 
This shows uM P = Mp. 

Also, M P = uK + Mp because M P /Mp is a one-dimensional if-vector space 
by Lemma 3.4. Thus 

uQ P = u(K + Mp) = uK + uM P = uK + Mp = M P . 

□ 



Corollary 2.7 Suppose P is nonsingular. Let ^ / € K(C), u G Mp — Mp. 
There is a unique integer v(f) such that f = u v ^'g with g G Op. This integer 
does not depend on the choice of u. 

Proof. Write f — F/G with F,G homogeneous of degree m. Choose R G K 3 
so that P ■ R ^ 0. Let p be the homogeneous polynomial p = R ■ (X,Y,Z). 
Then / = f 1 /f 2 , where f\ = F/p m and / 2 = G/p m . Note that f u f 2 € Q P . By 
Corollary 3.3, 

Q P - {0} = U~ (M? - M£ +1 ), 

where M P = 1? P . Clearly MJ5 - M™ +1 = u n Hp 7 since M = uQ P . Define m,n 2 
by /i G Mp'-M™ 1+1 , and let n = m-n 2 . Then /u"" = /iM"™ 1 /(.f 2 u _ " 2 ) G ^p- 

□ 

i7p is called the local ring at P. If P is nonsingular, then a uniformizer 
is an element of Mp such that Mp — ufip; equivalently it is an element of 
M P - Mp. The integer v(f) is called the valuation of / at P. If v(f) > 0, / 
has a zero of order v(f) at P; if v(f) < 0, / has a pole of order —v(f) at 
P. If = 0, we say / is finite and nonvanishing at P. 

Example 2.8 Let C — W be given by the Weierstrass equation (1.1). Let us 
show that X/Y is a uniformizer at (0, 1,0). In Corollary 2.5 we take R = P = 
(0,1,0) and compute from (1.1) that V P W = (0,0,1). Thus T = (1,0,0). Now 
X/Y vanishes at P, and T ■ V P {X/Y) = d/dX(X/Y)\ P = 1 ^ 0. So X/Y is a 
uniformizer by Corollary 2.5. □ 

Example 2.9 Let us compute v(Z/X) at the point P = (0, 1,0) on an elliptic 
curve. By (1.1), ZV = X 3 , with 

V = Y 2 + a x XY + a 3 YZ - a 2 X 2 - a A XZ - a e Z 2 . 

Then Z/X = X 2 /V = {X/Y) 2 (Y 2 /V). Since Y 2 /V £ Q* and X/Y is a uni- 
formizer, we see that v(Z/X) = 2. Thus x — X/Z has a pole of order 2 at the 
origin. Since Y/Z = (Y/X)(X/Z), y = Y/Z has a pole of order 3 at the origin. 

□ 

3 Power series expansions 

Lemma 3.1 Let C = C(X,Y, Z) be a projective curve over K which is nonsin- 
gular at P. Suppose C has coefficients in K and P e G{K). Let u G K(C) be a 
uniformizer at P. If f is a nonzero function in K{C) and v(f) = a then there 
exist unique constants fj G K for j > a such that for any N > a, 

N 

f — fjU-i has a zero of order at least N + 1. 

j=a 



Moreover, f a ^ 0. 



Proof. Let g = u~ a f G Qp, f a = g(P). This is the only constant for which 
g — f a € Mp, so it is the only constant for which v(f — u a f a ) = v(u a (g — f a )) > a. 
^From this observation, the lemma may be easily proved by induction. □ 

Corollary 3.2 A choice of uniformizer u at P determines a one to one homo- 
morphism of rings 

Vu-.Qp^ K[[t}}. 

If 7^ V = ^ViT 1 G ^[[t]], define deg(F) to be the smallest integer n such 
that v n 7^ 0, and define deg(0) = oo. If one puts metrics on flp and on K[[t]\ 
by the rules \f\ = c vp ^ for f G Q P , \V\ = c dc ^ for V G K[[t}\, where 
< c < 1, then fy u is an isometry. In particular, fy u is continuous with respect 
to the topologies on Hp, K[[t]] which are induced by the above metrics. The 
image of*P u is dense in K[[t)). 

Proof. The homomorphism \P U is defined by: ^u{f) = ^2 fjT J , where the fj are 
as in Lemma 3.1. It is easy to see (using the uniqueness of the coefficients fj) 
that ^ is a ring homomorphism. ^ u is an isometry because vp(f) = a implies 
f a is the first nonzero coefficient. If &u{f) = then |/| = ^(Z) = |0| = 0, so 
/ G HMp. By Corollary 2.3, / must be zero; thus \P U is one to one. If g is any 
polynomial with coefficients in K then g{u) G flp and ty u {g(u)) = g(r). This 
shows ip u (f2p) is dense in if [[t]]. □ 
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